
Isaac105

Members | Posts: 8 | Reputation: 0 Neutral
  1. It doesn't seem like my browser is hijacked anymore. It doesn't redirect me to random websites now. Does the PC look clean now?
  2. Not sure why that log posted with such ugly formatting. Trying again.

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner64.ocx - registred OK
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=feccc4b3b49ca04982fdac66b465171c
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2012-08-07 04:57:09
     # local_time=2012-08-06 10:57:09 (-0700, Mountain Daylight Time)
     # country="United States"
     # lang=1033
     # osver=6.1.7601 NT Service Pack 1
     # compatibility_mode=512 16777215 100 0 0 0 0 0
     # compatibility_mode=5893 16776573 100 94 102866 95855651 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=319322
     # found=8
     # cleaned=8
     # scan_time=3228
     C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir    Win32/Sirefef.EZ trojan (deleted - quarantined)    00000000000000000000000000000000    C
     C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir    Win64/Sirefef.AD trojan (deleted - quarantined)    00000000000000000000000000000000    C
     C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir    Win64/Patched.A.Gen trojan (deleted - quarantined)    00000000000000000000000000000000    C
     C:\Users\Isaac\Downloads\scandsk.exe    Win32/Simda.B trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
     C:\_OTL\MovedFiles\08052012_143806\C_Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\00000008.@    Win64/Agent.BA trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
     C:\_OTL\MovedFiles\08052012_143806\C_Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\000000cb.@    Win64/Conedex.B trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
     C:\_OTL\MovedFiles\08052012_143806\C_Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\80000000.@    Win64/Sirefef.AP trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
     C:\_OTL\MovedFiles\08052012_143806\C_Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\80000032.@    a variant of Win32/Sirefef.FD trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
  4. ComboFix log:

     ComboFix 12-08-05.02 - Isaac 08/05/2012 17:07:13.1.4 - x64
     Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8104.6366 [GMT -6:00]
     Running from: c:\users\Isaac\Downloads\ComboFix.exe
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\programdata\ntuser.dat
     c:\windows\assembly\GAC_32\Desktop.ini
     c:\windows\assembly\GAC_64\Desktop.ini
     c:\windows\SysWow64\URTTemp
     c:\windows\SysWow64\URTTemp\regtlib.exe
     E:\Autorun.inf
     .
     Infected copy of c:\windows\system32\Services.exe was found and disinfected
     Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
     .
     .
     2012-08-05 23:12 . 2012-08-05 23:12 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-08-05 20:38 . 2012-08-05 20:38 -------- d-----w- C:\_OTL
     2012-08-05 00:49 . 2012-08-05 00:49 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2012-08-04 23:34 . 2012-08-04 23:34 -------- d-----w- c:\programdata\Stardock
     2012-08-04 23:34 . 2012-08-04 23:34 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
     2012-08-04 23:31 . 2012-08-04 23:31 -------- d-----w- c:\program files (x86)\Stardock Entertainment
     2012-07-30 02:12 . 2012-07-30 02:13 -------- d-----w- c:\users\Isaac\AppData\Roaming\Mount&Blade Warband
     2012-07-29 16:24 . 2012-07-29 16:24 -------- d-----w- c:\users\Isaac\AppData\Local\CrashRpt
     2012-07-23 19:40 . 2012-07-23 19:40 2250024 ----a-w- c:\windows\SysWow64\pbsvc.exe
     2012-07-23 18:59 . 2012-07-23 18:59 -------- d-----w- c:\programdata\ATI
     2012-07-23 18:59 . 2012-07-23 18:59 -------- d-----w- c:\program files (x86)\AMD APP
     2012-07-19 18:23 . 2012-07-19 18:23 -------- d-----w- c:\program files (x86)\Remedy Entertainment
     2012-07-16 02:08 . 2012-07-16 22:21 -------- d-----w- c:\users\Isaac\AppData\Roaming\DarknessII
     2012-07-15 23:59 . 2012-07-16 00:08 -------- d-----w- c:\users\Isaac\AppData\Local\ApplicationHistory
     2012-07-15 23:59 . 2012-07-15 23:59 61440 ----a-r- c:\users\Isaac\AppData\Roaming\Microsoft\Installer\{8DE78A52-B79D-4574-9D2A-A56C90CEEA8D}\NewShortcut2_8DE78A52B79D45749D2AA56C90CEEA8D.exe
     2012-07-15 23:59 . 2012-07-15 23:59 61440 ----a-r- c:\users\Isaac\AppData\Roaming\Microsoft\Installer\{8DE78A52-B79D-4574-9D2A-A56C90CEEA8D}\NewShortcut1_8DE78A52B79D45749D2AA56C90CEEA8D.exe
     2012-07-15 23:59 . 2012-07-15 23:59 -------- d-----w- c:\program files (x86)\Bagatrix
     2012-07-15 23:49 . 2012-07-15 23:49 -------- d-----w- c:\users\Isaac\AppData\Roaming\U3
     2012-07-13 20:02 . 2012-07-13 20:02 -------- d-----w- c:\users\Isaac\AppData\Roaming\2K Sports
     2012-07-13 19:44 . 2012-07-13 19:44 -------- d-----w- c:\program files (x86)\2K Sports
     2012-07-10 05:56 . 2012-07-10 07:02 -------- d-----w- c:\program files (x86)\Electronic Arts
     2012-07-09 17:52 . 2012-07-09 19:23 -------- d-----w- c:\users\DefaultAppPool
     2012-07-09 02:44 . 2012-07-09 02:44 -------- d-----w- c:\program files (x86)\Microsoft WSE
     2012-07-08 05:21 . 2012-07-08 05:21 -------- d-----w- c:\program files (x86)\Maxis
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-08-05 00:49 . 2012-02-16 23:23 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2012-08-02 05:40 . 2012-02-17 14:56 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
     2012-08-02 05:40 . 2012-02-17 13:17 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
     2012-08-02 05:40 . 2012-02-17 13:17 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
     2012-07-03 19:46 . 2012-02-16 20:49 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-06-29 10:04 . 2012-08-04 19:50 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4E2115AC-8E94-4138-8C51-FD385716A73D}\mpengine.dll
     2012-06-14 16:54 . 2012-02-17 13:17 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
     2012-06-11 19:50 . 2012-06-11 19:50 187392 ----a-w- c:\windows\system32\clinfo.exe
     2012-06-11 19:50 . 2012-06-11 19:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
     2012-06-11 19:50 . 2012-06-11 19:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
     2012-06-11 19:50 . 2012-06-11 19:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
     2012-06-11 19:50 . 2012-06-11 19:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
     2012-06-11 19:50 . 2012-06-11 19:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
     2012-06-11 19:49 . 2012-06-11 19:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
     2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
     2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
     2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll
     2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
     2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
     2012-06-11 17:24 . 2011-10-12 20:14 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
     2012-06-11 17:23 . 2011-10-12 20:13 1090560 ----a-w- c:\windows\system32\aticfx64.dll
     2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
     2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
     2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
     2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
     2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
     2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
     2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
     2012-06-11 17:16 . 2012-06-11 17:16 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
     2012-06-11 17:01 . 2011-10-12 19:54 6914560 ----a-w- c:\windows\system32\atidxx64.dll
     2012-06-11 16:51 . 2012-03-20 19:08 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
     2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
     2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
     2012-06-11 16:45 . 2011-10-12 19:44 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
     2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
     2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
     2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
     2012-06-11 16:43 . 2011-10-12 19:33 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
     2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
     2012-06-11 16:36 . 2012-03-20 19:09 6605824 ----a-w- c:\windows\system32\atiumd64.dll
     2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll
     2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
     2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
     2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
     2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
     2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll
     2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
     2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
     2012-06-11 16:25 . 2011-10-12 19:29 54784 ----a-w- c:\windows\system32\atiuxp64.dll
     2012-06-11 16:25 . 2012-06-11 16:25 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
     2012-06-11 16:25 . 2012-03-20 19:10 45056 ----a-w- c:\windows\system32\atiu9p64.dll
     2012-06-11 16:24 . 2011-10-12 19:29 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
     2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
     2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
     2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
     2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
     2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
     2012-06-07 00:29 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
     2012-06-07 00:29 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
     2012-06-04 06:29 . 2012-06-04 06:29 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
     2012-06-04 06:24 . 2012-06-04 06:24 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
     2012-06-02 22:19 . 2012-06-23 15:49 38424 ----a-w- c:\windows\system32\wups.dll
     2012-06-02 22:19 . 2012-06-23 15:50 2428952 ----a-w- c:\windows\system32\wuaueng.dll
     2012-06-02 22:19 . 2012-06-23 15:50 57880 ----a-w- c:\windows\system32\wuauclt.exe
     2012-06-02 22:19 . 2012-06-23 15:50 44056 ----a-w- c:\windows\system32\wups2.dll
     2012-06-02 22:19 . 2012-06-23 15:49 701976 ----a-w- c:\windows\system32\wuapi.dll
     2012-06-02 22:15 . 2012-06-23 15:50 2622464 ----a-w- c:\windows\system32\wucltux.dll
     2012-06-02 22:15 . 2012-06-23 15:49 99840 ----a-w- c:\windows\system32\wudriver.dll
     2012-06-02 21:19 . 2012-06-23 15:49 186752 ----a-w- c:\windows\system32\wuwebv.dll
     2012-06-02 21:15 . 2012-06-23 15:49 36864 ----a-w- c:\windows\system32\wuapp.exe
     2012-05-31 18:25 . 2012-02-16 21:18 279656 ------w- c:\windows\system32\MpSigStub.exe
     2009-04-14 21:45 . 2012-04-01 01:40 10975264 ----a-w- c:\program files\RTLCPL.exe
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-05 1353080]
     "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
     "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-10-12 393216]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
     "XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2012-02-16 4942336]
     "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
     "THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]
     "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
     "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-02-09 312376]
     "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
     "Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232]
     "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
     "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
     "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
     "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
     "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 0 (0x0)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableLUA"= 0 (0x0)
     "EnableUIADesktopToggle"= 0 (0x0)
     "PromptOnSecureDesktop"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
     "AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Security Packages    REG_MULTI_SZ    kerberos msv1_0 schannel wdigest tspkg pku2u livessp
     .
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
     R3 gwfilt64;Service 2 for Creative X-Fi Audio (WDM);c:\windows\system32\drivers\gwfilt64.sys [x]
     R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
     R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
     R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
     R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
     R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-18 1255736]
     S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-04 283200]
     S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-02-16 15936]
     S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
     S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
     S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
     S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
     S2 WCUService;SmartView Software Updater Service;c:\program files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe [2010-09-02 456976]
     S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
     S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
     S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-03-04 126952]
     S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-03-04 390632]
     S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
     S3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2012-02-16 31808]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
     S3 MBfilt;Service for Creative X-Fi Audio (WDM);c:\windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
     S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
     S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]
     S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-03-31 126464]
     S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [2011-07-07 66336]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - WS2IFSL
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
     iissvcs    REG_MULTI_SZ    w3svc was
     apphost    REG_MULTI_SZ    apphostsvc
     .
     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96a0fe72-a844-11e1-80b0-bc5ff41ac965}]
     \shell\AutoRun\command - J:\Setup.exe
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4273654934-249650159-2022009278-1000Core.job
     - c:\users\Isaac\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-16 21:12]
     .
     2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4273654934-249650159-2022009278-1000UA.job
     - c:\users\Isaac\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-16 21:12]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
     "XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-07-04 1441152]
     "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]
     "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-27 12459112]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
     "LoadAppInit_DLLs"=0x1
     "AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\appinit_dll.dll
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     mLocal Page = c:\windows\SysWOW64\blank.htm
     uInternet Settings,ProxyOverride = *.local
     IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
     TCP: DhcpNameServer = 24.116.2.50 24.116.2.34
     .
     - - - - ORPHANS REMOVED - - - -
     .
     Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
     Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
     AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
     .
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\S-1-5-21-4273654934-249650159-2022009278-1000\Software\SecuROM\License information*]
     "datasecu"=hex:60,f1,21,b9,e5,ed,80,ca,ce,d4,8a,28,fd,51,0e,94,e7,68,e1,1e,f1,
        bc,d9,a2,88,60,bb,52,04,36,16,97,ce,af,5f,6a,e5,15,d8,e0,b2,b0,6c,fb,a0,e8,\
     "rkeysecu"=hex:53,9c,85,6f,f1,18,50,8d,59,dd,47,19,a4,75,58,97
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.11"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     c:\windows\SysWOW64\PnkBstrA.exe
     c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
     .
     **************************************************************************
     .
     Completion time: 2012-08-05 17:17:47 - machine was rebooted
     ComboFix-quarantined-files.txt 2012-08-05 23:17
     .
     Pre-Run: 417,723,514,880 bytes free
     Post-Run: 417,562,767,360 bytes free
     .
     - - End Of File - - BD44A678120EE9E9836C54C8D5F00E1D
  5. OTL Log:

     All processes killed
     ========== OTL ==========
     C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\00000008.@ moved successfully.
     C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\80000032.@ moved successfully.
     C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\000000cb.@ moved successfully.
     C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\L\00000004.@ moved successfully.
     C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\80000064.@ moved successfully.
     C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\80000000.@ moved successfully.
     C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\00000004.@ moved successfully.
     C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\@ moved successfully.
     ========== FILES ==========
     C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U folder moved successfully.
     C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\L folder moved successfully.
     Folder move failed. C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba} scheduled to be moved on reboot.
     < ipconfig /flushdns /c >
     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.
     C:\Users\Isaac\Downloads\cmd.bat deleted successfully.
     C:\Users\Isaac\Downloads\cmd.txt deleted successfully.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: All Users
     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: DefaultAppPool
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     User: Isaac
     ->Temp folder emptied: 1916455031 bytes
     ->Temporary Internet Files folder emptied: 37932223 bytes
     ->Java cache emptied: 0 bytes
     ->Google Chrome cache emptied: 345512332 bytes
     ->Flash cache emptied: 33316 bytes
     User: Public
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 356352 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 100778651 bytes
     %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 35655608 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
     RecycleBin emptied: 2841 bytes
     Total Files Cleaned = 2,324.00 mb
     Restore point Set: OTL Restore Point
     OTL by OldTimer - Version 3.2.56.0 log created on 08052012_143806
     Files\Folders moved on Reboot...
     C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U folder moved successfully.
     C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba} folder moved successfully.
     C:\Users\Isaac\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
     PendingFileRenameOperations files...
     File C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba} not found!
     File C:\Users\Isaac\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
     Registry entries deleted on Reboot...
  6. Thank you Maniac for taking the time to help me with this problem. Here are the contents of the OTL.Txt followed by the Extras.Txt:

     OTL logfile created on: 8/5/2012 12:17:21 PM - Run 1
     OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Isaac\Downloads
     64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.7601.17514)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     7.91 Gb Total Physical Memory | 6.29 Gb Available Physical Memory | 79.48% Memory free
     15.83 Gb Paging File | 13.06 Gb Available in Paging File | 82.54% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
     Drive C: | 698.54 Gb Total Space | 388.23 Gb Free Space | 55.58% Space Free | Partition Type: NTFS
     Drive E: | 591.29 Gb Total Space | 86.60 Gb Free Space | 14.65% Space Free | Partition Type: NTFS
     Drive J: | 322.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

     Computer Name: ISAAC-PC | User Name: Isaac | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
     Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

     ========== Processes (SafeList) ==========

     PRC - [2012/08/05 12:16:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Isaac\Downloads\OTL.exe
     PRC - [2012/08/04 18:59:37 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
     PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
     PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
     PRC - [2012/06/14 10:54:39 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
     PRC - [2012/02/16 14:19:35 | 004,942,336 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUsb\XFastUsb.exe
     PRC - [2011/05/19 12:10:22 | 000,909,824 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
     PRC - [2011/04/12 16:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
     PRC - [2011/02/22 13:14:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
     PRC - [2011/02/22 13:14:34 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
     PRC - [2010/09/02 15:26:08 | 000,456,976 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe

     ========== Modules (No Company Name) ==========

     MOD - [2012/08/02 01:34:12 | 020,316,496 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
     MOD - [2012/08/02 01:34:10 | 000,900,944 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
     MOD - [2012/08/02 01:34:08 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
     MOD - [2012/08/02 01:34:06 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
     MOD - [2012/08/02 01:34:04 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
     MOD - [2012/07/30 23:36:14 | 000,442,392 | ---- | M] () -- C:\Users\Isaac\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppgooglenaclpluginchrome.dll
     MOD - [2012/07/30 23:36:13 | 012,235,288 | ---- | M] () -- C:\Users\Isaac\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
     MOD - [2012/07/30 23:36:12 | 003,997,720 | ---- | M] () -- C:\Users\Isaac\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
     MOD - [2012/07/30 23:34:57 | 000,526,872 | ---- | M] () -- C:\Users\Isaac\AppData\Local\Google\Chrome\Application\21.0.1180.60\libglesv2.dll
     MOD - [2012/07/30 23:34:55 | 000,104,984 | ---- | M] () -- C:\Users\Isaac\AppData\Local\Google\Chrome\Application\21.0.1180.60\libegl.dll
     MOD - [2012/07/30 23:34:45 | 000,144,424 | ---- | M] () -- C:\Users\Isaac\AppData\Local\Google\Chrome\Application\21.0.1180.60\avutil-51.dll
     MOD - [2012/07/30 23:34:43 | 000,266,792 | ---- | M] () -- C:\Users\Isaac\AppData\Local\Google\Chrome\Application\21.0.1180.60\avformat-54.dll
     MOD - [2012/07/30 23:34:42 | 002,480,680 | ---- | M] () -- C:\Users\Isaac\AppData\Local\Google\Chrome\Application\21.0.1180.60\avcodec-54.dll
     MOD - [2012/06/06 18:42:20 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
MOD - [2012/06/06 18:40:16 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bfaf8f86e69928fb2f67987c0203f603\PresentationFramework.ni.dll MOD - [2012/06/06 18:40:10 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2ad23de8284d4594aa658dfb5e667d97\PresentationCore.ni.dll MOD - [2012/06/06 18:40:05 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll MOD - [2012/06/06 18:39:54 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll MOD - [2012/06/06 18:39:45 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll MOD - [2012/06/06 18:39:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll MOD - [2012/06/06 18:39:40 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll MOD - [2012/06/06 18:39:38 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll MOD - [2012/06/06 18:39:38 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll MOD - [2012/06/06 18:39:35 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common 
Files\Apple\Apple Application Support\libxml2.dll MOD - [2010/11/20 06:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/06/11 11:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011/07/04 16:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS) SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/06/19 19:22:47 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/06/14 10:54:39 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011/02/22 13:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011/02/22 13:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/11/20 06:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010/11/20 06:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010/11/20 06:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2010/09/02 
15:26:08 | 000,456,976 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe -- (WCUService) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/06/11 12:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012/06/11 10:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012/06/04 00:24:52 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/23 06:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012/02/16 14:40:36 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305) DRV:64bit: - [2012/02/16 14:19:35 | 000,015,936 | ---- | M] (FNet Co., Ltd.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX) DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/02/09 00:06:36 | 000,125,376 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu) DRV:64bit: - [2011/09/21 11:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135) DRV:64bit: - [2011/07/07 17:05:42 | 000,066,336 | ---- | M] (Lucidlogix Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtuWDDM.sys -- (VirtuWDDM) DRV:64bit: - [2011/07/04 16:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed) DRV:64bit: - [2011/04/21 12:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/04/14 21:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/03/31 16:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse) DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/04 17:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011/03/04 17:00:14 | 000,126,952 | ---- | M] (ASMedia 
Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 05:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2009/11/18 07:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 18:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc) DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4273654934-249650159-2022009278-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-4273654934-249650159-2022009278-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK IE - HKU\S-1-5-21-4273654934-249650159-2022009278-1000\..\SearchScopes\{9C4BB080-4DDA-4217-A796-D386DAFF03BC}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms} IE - HKU\S-1-5-21-4273654934-249650159-2022009278-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-4273654934-249650159-2022009278-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Isaac\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Isaac\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Isaac\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/31 17:36:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/31 17:36:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isaac\AppData\Roaming\Mozilla\Extensions [2012/03/31 17:36:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/03/12 22:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/03/12 22:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/03/12 22:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: chrome-internal: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: chrome-internal: CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Isaac\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Isaac\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = 
C:\Users\Isaac\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Isaac\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Google Update (Enabled) = C:\Users\Isaac\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: Turn Off the Lights = C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.2_0\ CHR - 
Extension: Turn Off the Lights = C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.3_0\ CHR - Extension: YouTube = C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: YouTube\u2122 Ratings Preview = C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank\1.2.1_0\ CHR - Extension: Google Search = C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AdBlock = C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\ CHR - Extension: Cut the Rope = C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\13_0\ CHR - Extension: TinEye Reverse Image Search = C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.2_0\ CHR - Extension: Steamgifts Enhancement Addon = C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbkplieclhgncoiionlliincopnejllo\2.0_0\ CHR - Extension: Hover Zoom = C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.5_0\ CHR - Extension: Battlefield 3 = C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pagmklehiaheilihklokljahmoihkjni\1_0\ CHR - Extension: Gmail = C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2011/12/22 16:11:00 | 000,000,833 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) O4:64bit: - HKLM..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd) O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd) O4 - HKLM..\Run: [updReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.) 
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4273654934-249650159-2022009278-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-4273654934-249650159-2022009278-1000..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found O4 - HKU\S-1-5-21-4273654934-249650159-2022009278-1000..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-4273654934-249650159-2022009278-1000..\Run: [zASRockInstantBoot] File not found O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-4273654934-249650159-2022009278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCEC6F6B-53BF-4F4B-BC9C-8D400ACAD85C}: DhcpNameServer = 24.116.2.50 24.116.2.34 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\APPINI~1.DLL) - C:\Program Files\Lucidlogix 
Technologies\VIRTU\appinit_dll.dll (Lucidlogix Inc.) O20 - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\x86\APPINI~1.DLL) - C:\Program Files\Lucidlogix Technologies\VIRTU\x86\appinit_dll.dll (Lucidlogix Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/28 10:57:34 | 000,000,000 | ---D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2008/04/01 14:53:24 | 000,000,071 | -H-- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/08/04 11:51:46 | 000,000,076 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{96a0fe72-a844-11e1-80b0-bc5ff41ac965}\Shell - "" = AutoRun
O33 - MountPoints2\{96a0fe72-a844-11e1-80b0-bc5ff41ac965}\Shell\AutoRun\command - "" = J:\Setup.exe -- [2012/08/04 14:27:36 | 332,970,496 | R--- | M] ()
O33 - MountPoints2\{e84e4fce-c15e-11e1-9575-bc5ff41ac965}\Shell - "" = AutoRun
O33 - MountPoints2\{e84e4fce-c15e-11e1-9575-bc5ff41ac965}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/05 00:18:29 | 000,000,000 | ---D | C] -- C:\Users\Isaac\Desktop\RK_Quarantine
[2012/08/04 22:47:00 | 000,000,000 | ---D | C] -- C:\Users\Isaac\Desktop\rkill-backup
[2012/08/04 22:44:51 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Isaac\Desktop\HijackThis.exe
[2012/08/04 17:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2012/08/04 17:34:26 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/08/04 17:31:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock Entertainment
[2012/08/04 17:31:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock Entertainment
[2012/07/30 10:47:13 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/07/29 20:14:21 | 000,000,000 | ---D | C] -- C:\Users\Isaac\Documents\Mount&Blade Warband Savegames
[2012/07/29 20:12:53 | 000,000,000 | ---D | C] -- C:\Users\Isaac\Documents\Mount&Blade Warband
[2012/07/29 20:12:52 | 000,000,000 | ---D | C] -- C:\Users\Isaac\AppData\Roaming\Mount&Blade Warband
[2012/07/29 10:24:49 | 000,000,000 | ---D | C] -- C:\Users\Isaac\AppData\Local\CrashRpt
[2012/07/29 10:23:25 | 000,000,000 | ---D | C] -- C:\Users\Isaac\Desktop\JC2MP
[2012/07/23 12:59:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/07/23 12:59:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/07/23 12:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/07/19 13:47:36 | 000,000,000 | ---D | C] -- C:\Users\Isaac\Documents\Remedy
[2012/07/19 12:28:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remedy Entertainment
[2012/07/19 12:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Remedy Entertainment
[2012/07/16 18:48:55 | 000,000,000 | ---D | C] -- C:\Users\Isaac\Documents\Square Enix
[2012/07/15 20:08:57 | 000,000,000 | ---D | C] -- C:\Users\Isaac\AppData\Roaming\DarknessII
[2012/07/15 17:59:38 | 000,000,000 | ---D | C] -- C:\Users\Isaac\AppData\Local\ApplicationHistory
[2012/07/15 17:59:11 | 000,000,000 | ---D | C] -- C:\Users\Isaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bagatrix
[2012/07/15 17:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bagatrix
[2012/07/15 17:55:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2012/07/15 17:50:24 | 000,000,000 | ---D | C] -- C:\Users\Isaac\Documents\Math Programs
[2012/07/15 17:49:16 | 000,000,000 | ---D | C] -- C:\Users\Isaac\AppData\Roaming\U3
[2012/07/14 16:47:59 | 000,000,000 | ---D | C] -- C:\Users\Isaac\Documents\SEGA
[2012/07/13 14:02:19 | 000,000,000 | ---D | C] -- C:\Users\Isaac\AppData\Roaming\2K Sports
[2012/07/13 13:47:50 | 000,000,000 | ---D | C] -- C:\Users\Isaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2K Sports
[2012/07/13 13:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Sports
[2012/07/11 18:37:05 | 000,000,000 | ---D | C] -- C:\Users\Isaac\Documents\Virtua Tennis 4
[2012/07/10 18:13:19 | 000,000,000 | ---D | C] -- C:\Users\Isaac\Documents\Electronic Arts
[2012/07/09 23:56:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2012/07/08 20:44:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2012/07/07 23:26:27 | 000,000,000 | ---D | C] -- C:\Users\Isaac\Documents\SimCity 4
[2012/07/07 23:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
[2012/07/07 23:21:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxis
[2012/03/31 19:40:25 | 010,975,264 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Program Files\RTLCPL.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/05 12:14:48 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4273654934-249650159-2022009278-1000UA.job
[2012/08/05 12:14:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/04 23:55:37 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/04 23:55:37 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/04 23:48:06 | 2077,900,799 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/04 20:32:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4273654934-249650159-2022009278-1000Core.job
[2012/08/04 17:31:33 | 000,002,364 | ---- | M] () -- C:\Users\Public\Desktop\The Political Machine 2012.lnk
[2012/08/01 23:40:39 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/08/01 23:40:39 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/08/01 23:40:25 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/07/30 10:47:04 | 678,961,782 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/27 00:20:09 | 000,871,292 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/27 00:20:09 | 000,726,678 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/27 00:20:09 | 000,144,428 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/24 21:30:27 | 000,415,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/23 15:59:36 | 000,000,285 | ---- | M] () -- C:\Users\Isaac\test.mumblelay
[2012/07/23 13:40:23 | 002,250,024 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/07/15 17:59:38 | 000,000,093 | ---- | M] () -- C:\Users\Isaac\AppData\Local\fusioncache.dat
[2012/07/15 17:59:11 | 000,002,238 | ---- | M] () -- C:\Users\Isaac\Desktop\Calculus Solved!.lnk
[2012/07/15 17:56:13 | 000,887,372 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/13 13:47:50 | 000,001,158 | ---- | M] () -- C:\Users\Isaac\Desktop\NBA 2K12.lnk
[2012/07/07 23:22:02 | 000,000,530 | ---- | M] () -- C:\Windows\eReg.dat
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/05 00:14:26 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\00000008.@
[2012/08/05 00:14:23 | 000,092,672 | ---- | C] () -- C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\80000032.@
[2012/08/05 00:14:14 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\000000cb.@
[2012/08/04 17:31:33 | 000,002,364 | ---- | C] () -- C:\Users\Public\Desktop\The Political Machine 2012.lnk
[2012/08/04 17:29:07 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\L\00000004.@
[2012/08/04 17:29:06 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\80000064.@
[2012/08/04 17:29:05 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\80000000.@
[2012/08/04 17:28:30 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\00000004.@
[2012/07/30 10:47:04 | 678,961,782 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/23 15:59:36 | 000,000,285 | ---- | C] () -- C:\Users\Isaac\test.mumblelay
[2012/07/23 13:40:23 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/07/15 17:59:38 | 000,000,093 | ---- | C] () -- C:\Users\Isaac\AppData\Local\fusioncache.dat
[2012/07/15 17:59:11 | 000,002,238 | ---- | C] () -- C:\Users\Isaac\Desktop\Calculus Solved!.lnk
[2012/07/13 13:47:50 | 000,001,158 | ---- | C] () -- C:\Users\Isaac\Desktop\NBA 2K12.lnk
[2012/07/07 23:22:02 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2012/06/04 00:29:53 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012/05/16 20:09:22 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/03/20 13:09:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/20 13:05:56 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/13 16:13:27 | 000,887,372 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/02/17 23:31:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/02/17 07:17:20 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/02/17 07:17:19 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/02/17 04:16:04 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\@
[2012/02/16 14:22:11 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2012/02/16 14:22:11 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2012/02/16 14:22:11 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2012/02/16 14:22:10 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/02/16 14:22:10 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/02/16 14:19:59 | 000,000,003 | ---- | C] () -- C:\Users\Isaac\AppData\Local\user_data.ini
[2012/02/16 14:12:18 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/02/16 14:12:18 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/16 14:12:18 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/16 14:12:18 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/02/16 14:12:18 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/02/16 14:10:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== LOP Check ==========

[2012/05/06 22:56:15 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\.minecraft
[2012/07/13 14:02:19 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\2K Sports
[2012/06/04 00:26:04 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\DAEMON Tools Lite
[2012/07/16 16:21:27 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\DarknessII
[2012/02/16 18:00:25 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\DeviceVm
[2012/07/29 20:13:47 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\Mount&Blade Warband
[2012/08/02 17:10:20 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\Mumble
[2012/02/16 19:05:55 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\Origin
[2012/06/12 13:17:06 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\PunkBuster
[2012/02/27 16:51:18 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\The Creative Assembly
[2012/05/07 01:33:03 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\TS3Client
[2012/05/06 23:11:19 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\ts3overlay
[2012/02/25 05:02:34 | 000,000,000 | ---D | M] -- C:\Users\Isaac\AppData\Roaming\Ubisoft
[2009/07/13 23:08:49 | 000,010,868 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 8/5/2012 12:17:21 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Isaac\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 6.29 Gb Available Physical Memory | 79.48% Memory free
15.83 Gb Paging File | 13.06 Gb Available in Paging File | 82.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 388.23 Gb Free Space | 55.58% Space Free | Partition Type: NTFS
Drive E: | 591.29 Gb Total Space | 86.60 Gb Free Space | 14.65% Space Free | Partition Type: NTFS
Drive J: | 322.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ISAAC-PC | User Name: Isaac | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4273654934-249650159-2022009278-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0210B563-198E-5A4B-E757-7BC4AC7677F8}" = AMD AVIVO64 Codecs
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java 6 Update 31 (64-bit)
"{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager
"{49384799-E541-8F8D-B376-4F8AD3AACC24}" = AMD Drag and Drop Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{59B69525-1383-C84A-38EF-F442B63E69BC}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C8388DCB-6F85-C11F-C9F4-D636960E60F5}" = ccc-utility64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.19
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VIRTU_is1" = VIRTU 1.2.104
"WinRAR archiver" = WinRAR archiver
"XFast LAN" = XFast LAN v6.61

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04E9B02B-4F85-4B73-B865-27B9B8B35877}" = NBA 2K12
"{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish
"{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = The Sims™ 3 Master Suite Stuff
"{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish
"{1146E8F3-4057-4F46-B39C-D18AB4BB1523}_is1" = Deus Ex - Human Revolution version 1.0
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Outdoor Living Stuff
"{12A00DC2-1226-D9F2-13DA-F974111D439E}" = Catalyst Control Center
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy
"{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional
"{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Showtime
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{53450FA2-E900-456E-9715-501000008200}" = Virtua Tennis 4™
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German
"{5B0CE14A-B9B6-4E25-A1BE-3EEC1998AC2C}" = SmartView Software Updater
"{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Town Life Stuff
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian
"{8DE78A52-B79D-4574-9D2A-A56C90CEEA8D}" = Calculus Solved!
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch
"{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian
"{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian
"{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish
"{A93F2D1C-9146-41BC-B662-60DB662B1FFA}_is1" = Gnomoria Demo version 0.8.2.1
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help Finnish
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{AFB907F5-C0E6-4753-8284-DE955EF86AC2}" = THX TruStudio
"{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews Common
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDCA3C32-FCE7-40E8-8CB5-7B0E87ADDFC9}_is1" = Majesty 2: The Fantasy Kingdom Sim
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D6D62F1D-E3D6-E982-48B4-A20663B1FB7D}" = HydraVision
"{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard
"{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED4108A9-60FD-4F18-AF42-122219977773}" = Razer Naga
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Fast Lane Stuff
"{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Alan Wake_is1" = Alan Wake
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.29
"Battlelog Web Plugins" = Battlelog Web Plugins
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESN Sonar-0.70.4" = ESN Sonar
"FIFA 12 © EA_is1" = FIFA 12 © EA version 1
"Fraps" = Fraps (remove only)
"GFWL_{53450FA2-E900-456E-9715-501000008200}" = Virtua Tennis 4™
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"OpenAL" = OpenAL
"Origin" = Origin
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"Recettear: An Item Shop's Tale_is1" = Recettear: An Item Shop's Tale
"Red Alert 2" = Command & Conquer Red Alert 2
"Rockstar Games Social Club" = Rockstar Games Social Club
"Saints Row The Third_is1" = Saints Row The Third
"Sins of a Solar Empire Trinity_is1" = Sins of a Solar Empire Trinity
"StarCraft II" = StarCraft II
"Starfarer" = Starfarer by Fractal Softworks LLC
"Steam App 105600" = Terraria
"Steam App 107100" = Bastion
"Steam App 113200" = The Binding of Isaac
"Steam App 17710" = Nuclear Dawn
"Steam App 1840" = Source Filmmaker
"Steam App 19900" = Far Cry 2
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 400" = Portal
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 44320" = DiRT 3
"Steam App 4700" = Medieval II: Total War
"Steam App 4780" = Medieval II: Total War Kingdoms
"Steam App 48700" = Mount & Blade: Warband
"Steam App 500" = Left 4 Dead
"Steam App 8190" = Just Cause 2
"Steam App 99300" = Renegade Ops
"The Political Machine 2012_is1" = The Political Machine 2012
"The Walking Dead © 3_is1" = The Walking Dead © 3 version 1
"VLC media player" = VLC media player 1.1.11
"XFastUsb" = XFastUsb

========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4273654934-249650159-2022009278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/5/2012 3:45:13 AM | Computer Name = Isaac-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12012

Error - 8/5/2012 3:45:13 AM | Computer Name = Isaac-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12012

Error - 8/5/2012 3:45:14 AM | Computer Name = Isaac-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/5/2012 3:45:14 AM | Computer Name = Isaac-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13010

Error - 8/5/2012 3:45:14 AM | Computer Name = Isaac-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13010

Error - 8/5/2012 2:14:39 PM | Computer Name = Isaac-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011
Exception code: 0xc0000005
Fault offset: 0x000cb312
Faulting process id: 0xfcc
Faulting application start time: 0x01cd73362dab464e
Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting module path: 80000032.@
Report Id: 6b5e709f-df29-11e1-99b4-bc5ff41ac965

Error - 8/5/2012 2:15:46 PM | Computer Name = Isaac-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011
Exception code: 0xc0000005
Fault offset: 0x0136b312
Faulting process id: 0x47c
Faulting application start time: 0x01cd7336558dd1cf
Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting module path: 80000032.@
Report Id: 933a1e37-df29-11e1-99b4-bc5ff41ac965

Error - 8/5/2012 2:16:46 PM | Computer Name = Isaac-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011
Exception code: 0xc0000005
Fault offset: 0x0023b312
Faulting process id: 0xcec
Faulting application start time: 0x01cd7336795c4c67
Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting module path: 80000032.@
Report Id: b70c425d-df29-11e1-99b4-bc5ff41ac965

Error - 8/5/2012 2:17:46 PM | Computer Name = Isaac-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011
Exception code: 0xc0000005
Fault offset: 0x0010b312
Faulting process id: 0x1028
Faulting application start time: 0x01cd73369d2e226c
Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting module path: 80000032.@
Report Id: dada6ed4-df29-11e1-99b4-bc5ff41ac965

Error - 8/5/2012 2:18:46 PM | Computer Name = Isaac-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011
Exception code: 0xc0000005
Fault offset: 0x00e7b312
Faulting process id: 0x11e4
Faulting application start time: 0x01cd7336c1032ccc
Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting module path: 80000032.@
Report Id: feb349d3-df29-11e1-99b4-bc5ff41ac965

[ System Events ]
Error - 8/5/2012 12:49:18 AM | Computer Name = Isaac-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends
on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 Error - 8/5/2012 1:48:31 AM | Computer Name = Isaac-PC | Source = Service Control Manager | ID = 7003 Description = The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. Error - 8/5/2012 1:48:31 AM | Computer Name = Isaac-PC | Source = Service Control Manager | ID = 7003 Description = The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. Error - 8/5/2012 1:48:34 AM | Computer Name = Isaac-PC | Source = Service Control Manager | ID = 7023 Description = The Computer Browser service terminated with the following error: %%1060 Error - 8/5/2012 1:51:12 AM | Computer Name = Isaac-PC | Source = Service Control Manager | ID = 7023 Description = The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 Error - 8/5/2012 1:51:12 AM | Computer Name = Isaac-PC | Source = Service Control Manager | ID = 7001 Description = The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 Error - 8/5/2012 2:14:47 PM | Computer Name = Isaac-PC | Source = Service Control Manager | ID = 7001 Description = The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 Error - 8/5/2012 2:14:47 PM | Computer Name = Isaac-PC | Source = Service Control Manager | ID = 7023 Description = The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 Error - 8/5/2012 2:14:47 PM | Computer Name = Isaac-PC | Source = Service Control Manager | ID = 7001 Description = The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start 
because of the following error: %%-2147024891 Error - 8/5/2012 2:14:47 PM | Computer Name = Isaac-PC | Source = Service Control Manager | ID = 7023 Description = The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 < End of report >
  7. MBAM has caught an infection from Rootkit.0Access and Trojan.Dropper.BCMiner malware that it doesn't seem to be able to permanently remove. The malware reinstalls itself nearly immediately from what I can tell even though MalwareBytes claims to have successfully quarantined and deleted it. Posting the logs per instruction:

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.04.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Isaac :: ISAAC-PC [administrator]

Protection: Enabled

8/5/2012 12:09:34 AM
mbam-log-2012-08-05 (00-09-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216613
Time elapsed: 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

Attach.txt
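The two logs posted in this thread, the OTL "Last 20 Event Log Errors" dump and the Malwarebytes scan log, can be correlated mechanically to confirm what the poster describes: a file that MBAM quarantined at 12:09 AM on 8/5 was loaded inside svchost.exe again by 2:14 PM the same day. The Python below is an added example, not code from the original post and not part of OTL or Malwarebytes. The sample lines are copied from the logs above; the "suspicious module" heuristic (a faulting module reported by bare file name with a non-standard extension) is an assumption drawn from those lines, not a vendor signature.

```python
"""Correlate OTL event-log errors with Malwarebytes file detections.

Added example for this thread, not OTL or Malwarebytes code. The
sample log lines are copied from the posts above; the module-path
heuristic is an assumption based on the paths those logs show.
"""
import re
from datetime import datetime

# Constructed sample: three entries copied from the OTL event-log section.
OTL_ERRORS = r"""Error - 8/5/2012 3:45:13 AM | Computer Name = Isaac-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 12012
Error - 8/5/2012 2:14:39 PM | Computer Name = Isaac-PC | Source = Application Error | ID = 1000 Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011 Exception code: 0xc0000005 Fault offset: 0x000cb312 Faulting process id: 0xfcc Faulting application start time: 0x01cd73362dab464e Faulting application path: C:\Windows\SysWOW64\svchost.exe Faulting module path: 80000032.@ Report Id: 6b5e709f-df29-11e1-99b4-bc5ff41ac965
Error - 8/5/2012 1:48:31 AM | Computer Name = Isaac-PC | Source = Service Control Manager | ID = 7003 Description = The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed."""

# Constructed sample: scan time and "Files Detected" block copied from the MBAM log.
MBAM_SCAN_TIME = "8/5/2012 12:09:34 AM"
MBAM_FILES = r"""C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{630cbfff-1079-4d3b-4ab5-2f8b828960ba}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully."""

TS_FMT = "%m/%d/%Y %I:%M:%S %p"
ENTRY_RE = re.compile(r"Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
                      r"Source = (?P<source>.+?) \| ID = (?P<id>\d+) Description = (?P<desc>.*)")
# Windows Error Reporting fields as OTL flattens them onto one line.
CRASH_RE = re.compile(r"Faulting application name: (?P<app>[^,]+),.*?Faulting module name: (?P<mod>[^,]+),"
                      r".*?Exception code: (?P<exc>0x[0-9a-fA-F]+).*?Faulting application path: (?P<app_path>.+?) "
                      r"Faulting module path: (?P<mod_path>.+?) Report Id:")
MBAM_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<threat>[^)]+)\) -> (?P<action>.+)$")


def parse_otl_errors(text):
    """One dict per 'Error - ...' line; Application Error 1000 entries also get the WER fields."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["when"] = datetime.strptime(rec["when"].strip(), TS_FMT)
        rec["id"] = int(rec["id"])
        crash = CRASH_RE.search(rec["desc"])
        if rec["source"].strip() == "Application Error" and rec["id"] == 1000 and crash:
            rec.update({k: v.strip() for k, v in crash.groupdict().items()})
        out.append(rec)
    return out


def suspicious_module(mod_path):
    """Assumed heuristic: WER names the module by bare file name (no drive, no directory)
    and the extension is not one a normally loaded module would have."""
    name = mod_path.strip()
    if name.endswith("_unloaded"):
        name = name[:-len("_unloaded")]
    relative = "\\" not in name and ":" not in name
    odd_ext = not name.lower().endswith((".dll", ".exe", ".sys", ".ocx"))
    return relative and odd_ext


def parse_mbam_files(text):
    """One dict (path, threat, action) per 'Files Detected' line."""
    return [m.groupdict() for m in (MBAM_RE.match(l.strip()) for l in text.splitlines()) if m]


def correlate(otl_text, mbam_files_text, mbam_scan_time):
    """Return (crashes, hits, reinfections). A reinfection is a suspicious crash whose
    module file name matches a quarantined file and that happened after the quarantine."""
    scan_at = datetime.strptime(mbam_scan_time, TS_FMT)
    hits = parse_mbam_files(mbam_files_text)
    by_name = {h["path"].rsplit("\\", 1)[-1].lower(): h for h in hits}
    crashes = [r for r in parse_otl_errors(otl_text)
               if "mod_path" in r and suspicious_module(r["mod_path"])]
    reinfections = []
    for c in crashes:
        hit = by_name.get(c["mod_path"].lower())
        if hit and c["when"] > scan_at:
            reinfections.append((hit["path"], hit["threat"], c["when"].strftime(TS_FMT)))
    return crashes, hits, reinfections


if __name__ == "__main__":
    crashes, hits, back = correlate(OTL_ERRORS, MBAM_FILES, MBAM_SCAN_TIME)
    for c in crashes:
        print(f"{c['when']} {c['app']} faulted in {c['mod_path']} ({c['exc']})")
    for path, threat, when in back:
        print(f"{threat} at {path} was quarantined but was loaded again by {when}")
```

Run as-is it reports the single svchost.exe access violation in 80000032.@ and flags that file as quarantined-then-reloaded, which is the same conclusion the poster reached by hand. The useful part for triage is the rule itself: a service host faulting in a module that WER can only name by a bare file name, with an extension no legitimate DLL carries, is worth chasing even before a scanner names it.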